OpenShift Bugs / OCPBUGS-30995

WICD does not use 'ExecutionPolicy Bypass' when running powershell commands


Details

    • Bug
    • Resolution: Unresolved
    • Major
    • None
    • 4.16.0
    • Windows Containers
    • None
    • No
    • 3
    • False

    Description

      Description of problem:

      There is a discrepancy in how [WMCO runs PowerShell commands|https://github.com/openshift/windows-machine-config-operator/blob/7a814dc7360430226e82957795342d405b1f81ca/pkg/windows/windows.go#L1021], and how [WICD runs them|https://github.com/openshift/windows-machine-config-operator/blob/7a814dc7360430226e82957795342d405b1f81ca/pkg/daemon/powershell/powershell.go#L18]. WMCO explicitly sets ExecutionPolicy Bypass, while WICD uses the default on the Windows VM.
          

      Version-Release number of selected component (if applicable):

      4.16
          

      How reproducible:

      Unknown
          

      Steps to Reproduce:

          1. On a BYOH node set the execution policy to default by running: `Set-ExecutionPolicy -ExecutionPolicy Default`
          2. Attempt to configure the Node with WMCO
      
      Note: If this doesn't reproduce, try using the `Restricted` policy: https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.security/set-executionpolicy?view=powershell-7.4#-executionpolicy
          

      Actual results:

      Node is not properly configured:
      Error message in WICD log:
      
          + CategoryInfo          : SecurityError: (:) [], PSSecurityException
          + FullyQualifiedErrorId : UnauthorizedAccess
      : exit status 1
      E0509 15:57:30.691935     656 controller.go:247] could not resolve PowerShell variable ENDPOINT_IP: error running command with output C:\Temp\network-conf.ps1 : File C:\Temp\network-conf.ps1 cannot be loaded. The file C:\Temp\network-conf.ps1 is not
      digitally signed. You cannot run this script on the current system. For more information about running scripts and
      setting execution policy, see about_Execution_Policies at https:/go.microsoft.com/fwlink/?LinkID=135170.
      At line:1 char:1
      + C:\Temp\network-conf.ps1
      + ~~~~~~~~~~~~~~~~~~~~~~~~
          + CategoryInfo          : SecurityError: (:) [], PSSecurityException
          + FullyQualifiedErrorId : UnauthorizedAccess
      : exit status 1
      
          

      Expected results:

      Node joins the cluster as expected
          

      Additional info:

      
          

          People

            team-winc Team WinC
            rh-ee-ssoto Sebastian Soto
            Aharon Rasouli Aharon Rasouli
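
The following Go example is added here and is not code from the report or from WMCO/WICD. It classifies the execution-policy failure shown in the WICD log above and builds a powershell.exe argument list with a process-scoped `-ExecutionPolicy Bypass`; `classifyPolicyBlock`, `bypassArgs` and `sampleLog` are assumed names, and the "running scripts is disabled" case is PowerShell's wording under the `Restricted` policy rather than text from this page.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Constructed sample: the error text quoted in the report, shortened.
const sampleLog = `error running command with output C:\Temp\network-conf.ps1 : File C:\Temp\network-conf.ps1 cannot be loaded. The file C:\Temp\network-conf.ps1 is not
digitally signed. You cannot run this script on the current system.
    + CategoryInfo          : SecurityError: (:) [], PSSecurityException
    + FullyQualifiedErrorId : UnauthorizedAccess
: exit status 1`

var blockedScript = regexp.MustCompile(`File (.+?\.ps1) cannot be loaded`)

// classifyPolicyBlock returns the script PowerShell refused to load and why:
// "unsigned" (policy requires a signature) or "scripts-disabled" (Restricted).
// It returns empty strings when the output is not an execution-policy failure.
func classifyPolicyBlock(output string) (script, reason string) {
	if !strings.Contains(output, "PSSecurityException") ||
		!strings.Contains(output, "UnauthorizedAccess") {
		return "", ""
	}
	// PowerShell wraps long messages, so collapse whitespace before matching.
	flat := strings.Join(strings.Fields(output), " ")
	m := blockedScript.FindStringSubmatch(flat)
	if m == nil {
		return "", ""
	}
	switch {
	case strings.Contains(flat, "is not digitally signed"):
		return m[1], "unsigned"
	case strings.Contains(flat, "running scripts is disabled"):
		return m[1], "scripts-disabled"
	}
	return m[1], "unknown"
}

// bypassArgs is a hypothetical helper: powershell.exe arguments that set the
// execution policy for this one process only, leaving the node's policy as is.
func bypassArgs(command string) []string {
	return []string{"-NonInteractive", "-ExecutionPolicy", "Bypass", "-Command", command}
}

func main() {
	script, reason := classifyPolicyBlock(sampleLog)
	fmt.Println("blocked:", script, "reason:", reason)
	fmt.Println("powershell.exe", strings.Join(bypassArgs(script), " "))
}
```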